<p>CAD - Centro de Autonomia Digital</p>
<h1>CAD Newsletter #1</h1>
<p>2018-07-20</p>
<p>Hello and welcome to our newsletter!</p>
<p>CAD is a non-profit organisation that educates and creates privacy enhancing
tools. We research a lot around crypto, privacy and security, so we thought: why
not share it with the community?</p>
<p>This is the result of this thought. The content is primarily focused on
advanced topics, but we also have some for beginners! For now the
newsletter will be in English, but we have some ideas for having future content
in Portuguese and Spanish!</p>
<p>If you have questions or want to discuss any of the topics, we will happily
receive your comments via email (contact [at] autonomia [dot] digital) or you
can join our IRC channel #cad (on OFTC).</p>
<p>We hope this is useful for you.</p>
<p><br /></p>
<h2 id="security">Security</h2>
<ol>
<li>
<p><a href="https://pdfs.semanticscholar.org/b140/0438b4822d59a64fba31d0dc590306418ac3.pdf?_ga=2.150210100.344772023.1529505294-342377166.1529505294"><strong>Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes</strong></a>
by <em>Daniel Votipka, Rock Stevens, Elissa M. Redmiles, Jeremy Hu, and Michelle L. Mazurek</em>.</p>
</li>
<li>
<p><a href="https://www.youtube.com/watch?v=Qda8plpKDgg"><strong>Dan Boneh talking about the difficulties of implementing cryptography</strong></a></p>
</li>
<li>
<p><a href="https://tools.ietf.org/html/draft-rescorla-tls-esni-00"><strong>Encrypted Server Name Indication for TLS 1.3 draft-rescorla-tls-esni-00</strong></a></p>
</li>
</ol>
<p><br /></p>
<h2 id="privacy">Privacy</h2>
<ol>
<li>
<p><a href="https://www.youtube.com/watch?v=wjfAeiYve1c&amp;list=PLZbR2QOQNK9EjUXYDUJ0rGfxfP7n_nfmP"><strong>Deniability and Secure Messaging. The State of Secure Messaging: Ratchets, Keys, and Metadata</strong></a>
by <em>Nikita Borisov</em>.</p>
</li>
<li>
<p><a href="https://www.youtube.com/watch?v=ftIRNqz6KKY"><strong>Deniable Authentication on the Internet</strong></a>
by <em>Yevgeniy Dodis</em>.</p>
</li>
<li>
<p><a href="https://petsymposium.org/2018/files/papers/issue3/popets-2018-0027.pdf"><strong>Consistent Synchronous Group Off-The-Record Messaging with SYM-GOTR</strong></a>
by <em>Michael Schliep, Eugene Vasserman, and Nicholas Hopper</em>.</p>
</li>
<li>
<p>Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface.
<a href="https://blog.acolyer.org/2018/07/03/privacy-risks-with-facebooks-pii-based-targeting-auditing-a-data-brokers-advertising-interface/"><strong>Blog post</strong></a>
by <em>The Morning Paper</em>.</p>
<p><a href="https://www.ftc.gov/system/files/documents/public_events/1223263/p155407privacyconmislove_1.pdf"><strong>Paper</strong></a>
by <em>Giridhari Venkatadri, Athanasios Andreou, Yabing Liu et al</em>.</p>
</li>
<li>
<p><a href="https://blog.erratasec.com/2016/10/yes-we-can-validate-wikileaks-emails.html#.Wz2dANhKiu"><strong>DKIM and validation of emails</strong></a>
by <em>Robert Graham</em>.</p>
</li>
<li>
<p><a href="https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf"><strong>Privacy Pass: Bypassing Internet Challenges Anonymously</strong></a>
by <em>Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, and Filippo Valsorda</em>.</p>
</li>
</ol>
<p><br /></p>
<h2 id="cryptography">Cryptography</h2>
<ol>
<li>
<p><a href="https://www.youtube.com/watch?v=LRAN_w1_qmw"><strong>MPC in general</strong></a>
by <em>Nigel Smart</em>.</p>
</li>
<li>
<p><a href="https://www.youtube.com/watch?v=F-XebcVSyJw"><strong>The Moral aspects of Cryptography</strong></a>
by <em>Phil Rogaway</em>.</p>
</li>
<li>
<p><a href="http://spar.isi.jhu.edu/~mgreen/paper-keys-under-doormats.pdf"><strong>Keys Under Doormats</strong></a> by <em>Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner</em>.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2006/461"><strong>On Post-Modern Cryptography</strong></a>
by <em>Oded Goldreich</em>.</p>
</li>
<li>
<p><a href="https://www.ams.org/notices/200708/tx070800972p.pdf"><strong>The Uneasy Relationship Between Mathematics and Cryptography</strong></a>
by <em>Neal Koblitz</em>.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2004/152.pdf"><strong>Another Look at “Provable Security”</strong></a>
by <em>Neal Koblitz and Alfred J. Menezes</em>.</p>
</li>
</ol>
<p><br /></p>
<h2 id="for-beginners">For beginners</h2>
<ol>
<li>
<p><a href="https://www.garykessler.net/library/crypto.html"><strong>An Overview of Cryptography</strong></a>
by <em>Gary C. Kessler</em>.</p>
</li>
<li>
<p><a href="http://www.craigcostello.com.au/pairings/PairingsForBeginners.pdf"><strong>Pairings for beginners</strong></a>
by <em>Craig Costello</em>.</p>
</li>
</ol>
<p><br /></p>
<h2 id="extra-cool-stuff">Extra cool stuff</h2>
<ol>
<li><a href="https://arxiv.org/pdf/1807.00797.pdf"><strong>Black holes and class groups</strong></a>
by <em>Nathan Benjamin, Shamit Kachru, Ken Ono, and Larry Rolen</em>.</li>
</ol>
<p><br /></p>
<hr />
<p><br /></p>
<p>Thanks for reading! If you want to ask further questions or discuss any of the
topics, we will happily receive your comments via email
(contact [at] autonomia [dot] digital) or you can join our IRC channel #cad
(on OFTC).</p>
<h1>CAD at the CryptoRave</h1>
<p>2018-05-09</p>
<p>Last weekend was the 6th iteration of CryptoRave, an event held in São Paulo. The whole CAD team - and many of our friends and comrades - were in attendance. We believe that this event is one of the most important happenings around the world for people interested in privacy, anonymity and the politics of these themes. Some people have made comparisons between the Chaos Communication Congress and CryptoRave, and I can definitely see similarities.</p>
<p>There are several things that make CryptoRave an interesting event. It is completely crowdfunded - they don’t have sponsors. The budget for this year’s event was 70,000 BRL - roughly 20,000 USD. This pays for the full event. They do not charge for admittance, so anyone is free to come - this means that people who might not have the means to pay will still be able to come, contribute and take part in the event. This year I think there were between 1000 and 1500 people attending.</p>
<p>Another thing that sets this event apart is the program - the emphasis on political talks and discussion about how and why we use technology, instead of just looking at the technology itself, means that this space has a significantly stronger political edge than the events I’m used to. And this is politics from a global south perspective - very different from most of the events where Internet Freedom NGOs from the global north congregate.</p>
<p>Members of the CAD team presented three talks at this year’s event. Giovane and Cherenkov presented an overview of the OTRv4 project, including its current state and the main improvements the new version of the protocol brings. Representing the CoyIM project, Tania discussed problems with popular instant messaging apps like WhatsApp and how CoyIM offers a secure alternative for communication. Finally, Cherenkov presented an introduction to Elliptic Curves. She talked about their discovery, the algebraic definitions, and how safe elliptic curves, such as Goldilocks, can strengthen cryptography.</p>
<p>If you have the possibility, come join us next year - and consider donating as well. It’s an event well worth supporting in any way you can. The CAD team had a great time there, with many good moments and important discussions.</p>
<p><em>EDIT: This was the 5th iteration of CryptoRave, not the 6th as written above. Also, according to the organization, there were around 3500 people attending the event.</em></p>
<h1>Introducing the Digital Autonomy Center</h1>
<p>2018-04-25</p>
<p>In September 2017 two different NGOs - Centro de Autonomia Digital in Brazil, and Centro de Autonomía Digital in Spain - were founded. We started out with 12 people - most of whom worked together in the past. Our headquarters are located in São Paulo. The goal was to create an organization where we can work on the issues we really think matter in digital privacy and autonomy.</p>
<p>There are many organizations doing similar kinds of work, but not many operating out of the global south. We wanted to be different, both in funding sources and in the kinds of themes and issues we work on - and what kinds of organizations we call friends.</p>
<p>Now it’s 6 months later, and we have most of our infrastructure in place. We have made good progress on our first project - finishing the new OTR specification - and we are gearing up to hire more people and start new projects. Exactly what those projects will be, we don’t know yet. But our main goal is to provide better privacy and anonymity for as many people as possible in the world. We urgently need it!</p>